Troy Hunt

NOVEMBER 6, 2023

I like to think of investigating data breaches as a sort of scientific search for truth. You start out with a theory (a set of data coming from an alleged source), but you don't have a vested interested in whether the claim is true or not, rather you follow the evidence and see where it leads. Verification that supports the alleged source is usually quite straightforward , but disproving a claim can be a rather time consuming exercise, especially when a dataset contains fragments of truth m

Data breaches 340

Data breaches Accountability Passwords 340

Bleeping Computer

NOVEMBER 27, 2023

Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. [.

145

145

Schneier on Security

NOVEMBER 15, 2023

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

360

360

Krebs on Security

NOVEMBER 11, 2023

In the summer of 2022, KrebsOnSecurity documented the plight of several readers who had their accounts at big-three consumer credit reporting bureau Experian hijacked after identity thieves simply re-registered the accounts using a different email address. Sixteen months later, Experian clearly has not addressed this gaping lack of security. I know that because my account at Experian was recently hacked, and the only way I could recover access was by recreating the account.

Accountability 333

Accountability Authentication Passwords Identity Theft 333

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

NOVEMBER 19, 2023

A hacking gang known as Scattered Spiders soundly defeated the cybersecurity defenses of MGM and Caesars casinos. Related: Russia puts the squeeze on US supply chain This cost the Las Vegas gambling meccas more than $100 million while damaging their reputations. As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA).

Social Engineering 310

Social Engineering Passwords Authentication Marketing 310

Anton on Security

NOVEMBER 6, 2023

Frankly, not sure why I am writing this, I get a sense that this esoteric topic is of interest to a very small number of people. But hey … LinkedIn made me do it :-) And many of those few people are my friends or at least close industry peers. So, the topic is so-called “decoupled SIEM” (I probably made up the term, but …hey… at least this is not an acronym like EDR so YMMV).

Engineering 245

Engineering Data collection Threat Detection Technology 245

Lohrman on Security

NOVEMBER 26, 2023

In the past year, ChatGPT has become one of the fastest growing online services ever. But how popular are the generative AI apps? A recent study reveals the data behind the growth.

234

234

Schneier on Security

NOVEMBER 13, 2023

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.

Artificial Intelligence 338

Artificial Intelligence Technology Government Education 338

Krebs on Security

NOVEMBER 2, 2023

The login page for the criminal reshipping service SWAT USA Drop. One of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. Here’s a closer look at the Russia-based SWAT USA Drop Service , which currently employs more than 1,200 people across the United States who are knowingly or unwittingly involved in reshipping expensive consumer goods purchased with stolen credit cards.

Cybercrime 312

Cybercrime Marketing Scams Retail 312

The Last Watchdog

NOVEMBER 27, 2023

In cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA.) This technology promises to simplify tasks, boost accuracy and quicken responses. Related: Gen-A’s impact on DevSecOps Robotic process automation is about getting repetitive, rule-based tasks done with the help of software robots , often called “bots.

Cybersecurity 277

Cybersecurity Surveillance Data breaches Cyber threats 277

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 208

Cybersecurity Malware Big data Social Engineering 208

Troy Hunt

NOVEMBER 2, 2023

Yes, the Lenovo is Chinese. No, I'm not worried about Superfish. Yes, I'm running windows. No, I don't want a Framework laptop. Seemed to be a lot of time this week gone on talking all things laptops, and there are clearly some very differing views on the topic. Some good suggestions, some neat alternatives and some ideas that, well, just seem a little crazy.

Threat Detection 286

Threat Detection Mobile 286

Lohrman on Security

NOVEMBER 19, 2023

Don’t let the most wonderful time of the year turn into a holiday crisis. Here’s help to shop securely online this holiday season.

223

223

Schneier on Security

NOVEMBER 30, 2023

This is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack.

Artificial Intelligence 334

Artificial Intelligence 334

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Krebs on Security

NOVEMBER 14, 2023

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature.

Social Engineering 287

Social Engineering Phishing Internet Internet 287

The Last Watchdog

NOVEMBER 12, 2023

The IQ of our smart homes is about to level-up. Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season. Related: Extending digital trust globally Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

Manufacturing 276

Manufacturing Authentication Marketing Encryption 276

Tech Republic Security

NOVEMBER 29, 2023

The Guidelines for Secure AI System Development have been drawn up to help developers ensure security is baked into the heart of new artificial intelligence models.

Artificial Intelligence 207

Artificial Intelligence Cybersecurity 207

Troy Hunt

NOVEMBER 26, 2023

For a weekly update with no real agenda, we sure did spend a lot of time talking about the ridiculous approach Harvey Norman took to dealing with heavy traffic on Black Friday. It was just. unfathomable. A bunch of people chimed into the tweet thread and suggested it may have been by design, but they certainly wouldn't have set out to achieve the sorts of headlines that adorned the news afterwards.

272

272

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Lohrman on Security

NOVEMBER 12, 2023

From the roller-coaster ride in rates to new generative AI uses to dramatic changes in underwriting rules, cyber insurance is evolving fast. Here are some of the latest trends.

Cyber Insurance 170

Cyber Insurance Insurance 170

Schneier on Security

NOVEMBER 27, 2023

There seems to be no end to warrantless surveillance : According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims.

Surveillance 330

Surveillance 330

Krebs on Security

NOVEMBER 6, 2023

Last week, KrebsOnSecurity broke the news that one of the largest cybercrime services for laundering stolen merchandise was hacked recently, exposing its internal operations, finances and organizational structure. In today’s Part II, we’ll examine clues about the real-life identity of “ Fearlless ,” the nickname chosen by the proprietor of the SWAT USA Drops service.

Passwords 276

Passwords Cybercrime Accountability Hacking 276

The Last Watchdog

NOVEMBER 14, 2023

Combining DevSecOps with Generative Artificial Intelligence (Gen-AI) holds the potential to transform both software development and cybersecurity protocols. Related: The primacy of DevSecOps Through harnessing the power of Generative AI, enterprises can usher in a new era of DevSecOps, elevating development velocity, security, and robustness to unprecedented levels.

Artificial Intelligence 262

Artificial Intelligence Software Engineering Cybersecurity 262

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

NOVEMBER 22, 2023

Phishing, infostealer malware, ransomware, supply chain attacks, data breaches and crypto-related attacks are among the top evolving threats in the financial sector, says Sekoia.

Cyber threats 206

Cyber threats Data breaches Phishing Ransomware 206

Troy Hunt

NOVEMBER 11, 2023

Most of this week's video went on the scraped (and faked) LinkedIn data, but it's the ransomware discussion that keeps coming back to mind. Even just this morning, 2 days after recording this live stream, I ended up on nation TV talking about the DP World security incident and whilst we don't have any confirmation yet, it has all the hallmarks of another ransomware case.

Ransomware 262

Ransomware 262

Joseph Steinberg

NOVEMBER 1, 2023

While many people seem to be discussing the dangers of Artificial Intelligence (AI) – many of these discussions seem to focus on, what I believe, are the wrong issues. I began my formal work with AI while a graduate student at NYU in the mid-1990s; the world of AI has obviously advanced quite a bit since that time period, but, many of the fundamental issues that those of us in the field began recognizing almost 3 decades ago not only remain un-addressed, but continue to pose increasingly l

Artificial Intelligence 169

Artificial Intelligence Social Engineering Engineering Phishing 169

Schneier on Security

NOVEMBER 29, 2023

They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

Engineering 325

Engineering Authentication 325

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Krebs on Security

NOVEMBER 29, 2023

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.

Authentication 273

Authentication Accountability Passwords Antivirus 273

The Last Watchdog

NOVEMBER 14, 2023

Threat intelligence sharing has come a long way since Valentine’s Day 2015. Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

Cyber threats 260

Cyber threats Ransomware Internet Internet 260

Tech Republic Security

NOVEMBER 20, 2023

New botnets, more AI in spearphishing and increases in hack-for-hire business are some of Kaspersky's security predictions. Get extensive APT mitigation tips, too.

Hacking 205

Hacking Artificial Intelligence Mobile Malware 205

Troy Hunt

NOVEMBER 17, 2023

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices. We were outraged at the premise of a government mandating the implementation of a model that could, at their bequest, allow them to intercept traffic without any transparency or accountability.

Identity Theft 243

Identity Theft Government Accountability 243

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity